SOFIA (Reuters) – A cybersecurity expert accused of involvement in hacking the personal data of millions of Bulgarian taxpayers was conditionally released on Wednesday after prosecutors downgraded charges against him.
Bulgarian Kristian Boykov was arrested on Tuesday, a day after the country’s biggest ever data breach came to light in emails to local media from someone purporting to be a Russian hacker and offering stolen tax agency files.
Sofia prosecutors, who have tracked one of the stolen files to a user name they say was used by Boykov, said their investigation was continuing. He says he is innocent.
They dropped an initial charge against the 20-year-old of computer crime against critical infrastructure, in favour of the lesser offence of a crime against information systems, which carries a maximum sentence of three years in jail.
The breach, for which the finance minister apologised in parliament, compromised the personal data of over 5 million Bulgarians in a country of 7 million, officials said.
They also said that initial signs suggested it was conducted from abroad.
Boykov was banned from leaving the country. His relationship with the email’s author, if any, is unclear.
The tax agency is facing a fine of up to 20 million euros ($22.5 million) over the breach, which happened at the end of June. It has launched a full audit of its information systems in an effort to avoid future cyber attacks.
The hack compromised about 3% of the agency’s database, officials said.
(Reporting by Tsvetelia Tsolova; editing by John Stonestreet)